The International Organization for Standardization (ISO) has released a second edition to ISO 27018, its guidance for cloud service providers who process personally identifiable information (PII), which was initially released in 2014. As we know, the world of information technology and the protection of PII is an ever-evolving concern. We addressed how ISO 27018 interplays with other key regulations (such as the GDPR) here. Now with this new guidance set forth from ISO, it begs the question: is this a major or minor change?
Cloud computing technologies have revolutionized the way organizations manage and store their information. Where companies used to house and maintain their own data, a host of organizations have now made the switch to a cloud-based model due to the ease of use and cost-saving benefits promised by the cloud.